Replacing rexec

[Evan Simpson]

Tim Gerla wrote:
> Given a bit more assurance that a replacement would be useful and
> possible, we potentially have the resources to do so. Having a working
> and trusted plpython is valuable to both my own organization and, IMHO,
> the Python world itself.

Zope has a trusted Python implementation based on Python 2.2+'s compiler 
package.  It would need to be substantially adapted for use in plpython, 
but it could be done.  Among other things, it controls imports and 
builtins, forbids the use of exec and eval, redirects print statements, 
and prevents access to names starting with '_'.

Cheers,

Evan @ 4-am